Currently I am running with some issue where I need to write an utility in python to install certificate for an ingress in a namespace for given host & subject alt names. Any help will be much appreciated.
Python utility for cert generation
183 Views Asked by spot_aws At
2
There are 2 best solutions below
0
rohanmehto2
On
If you want to request certificates dynamically on demand then consider using a ssl client which has a REST interface, for example CFSSL. Its pretty simple to keep it running as a server and requesting ssl certificates with lots of configuration options.
Also if you're looking for more managed stuff, also consider setting up Lemur. It is an open source software by Netflix which makes it a lot more easier to manage ssl certificates along with some added functionalities like role based access, sources, destinations and good old user interface.
You can run cfssl server inside a pod and use it internally to request certificates, of course after setting up a CA and ideally a subCA too. It already has a docker image which you can use directly with minimal configuration changes.
Related Questions in PYTHON
- How to store a date/time in sqlite (or something similar to a date)
- Instagrapi recently showing HTTPError and UnknownError
- How to Retrieve Data from an MySQL Database and Display it in a GUI?
- How to create a regular expression to partition a string that terminates in either ": 45" or ",", without the ": "
- Python Geopandas unable to convert latitude longitude to points
- Influence of Unused FFN on Model Accuracy in PyTorch
- Seeking Python Libraries for Removing Extraneous Characters and Spaces in Text
- Writes to child subprocess.Popen.stdin don't work from within process group?
- Conda has two different python binarys (python and python3) with the same version for a single environment. Why?
- Problem with add new attribute in table with BOTO3 on python
- Can't install packages in python conda environment
- Setting diagonal of a matrix to zero
- List of numbers converted to list of strings to iterate over it. But receiving TypeError messages
- Basic Python Question: Shortening If Statements
- Python and regex, can't understand why some words are left out of the match
Related Questions in KUBERNETES
- Golang == Error: OCI runtime create failed: unable to start container process: exec: "./bin": stat ./bin: no such file or directory: unknown
- I can't create a pod in minikube on windows
- Oracle setting up on k8s cluster using helm charts enterprise edition
- Retrieve the Dockerfile configuration from the Kubernetes and also change container Java parameter?
- Summarize pods not running, by Namespace and Reason - I'm having trouble finding the reason
- How to get Java running parameters from Spring Boot running inside container in pod where no ps exist
- How do we configure prometheus server to scrape metrics from a pod with Istio sidecar proxy?
- In rke kube-proxy pod is not present
- problem with edge server registration in Eureka
- Unable to Access Kubernetes LoadBalancer Service from Local Device Outside Cluster
- Kubernetes cluster on GCE connection refused error
- Based on my experience, I've outlined the Kubernetes request flow. Could someone please add or highlight any points I might have overlooked?
- how to define StackGres helm chart "restapi" values to use internal LoadBalancer - AWS EKS
- Python3.11 can't open file [Errno 2] No such file or directory
- Cannot find remote pod service - SERVICE_UNAVAILABLE
Related Questions in KUBERNETES-HELM
- Oracle setting up on k8s cluster using helm charts enterprise edition
- how to define StackGres helm chart "restapi" values to use internal LoadBalancer - AWS EKS
- Kubernetes, Helm, Varnish, building vcl file
- Network Connectivity Issue with Akeyless Gateway
- Gitlab CI - helm cli not working in source bash script
- `helm upgrade` patch deployment when there is no change
- Troubleshooting Airflow Deployment on Kubernetes: Webserver Inaccessibility, Pod Crashes, and Timeout Issues
- Helm Variable Chart.Name in Chart.yaml
- Creating a default helm chart with custom values
- Why using keystore value in Elasticsearch helm chart results in this error?
- Helm pod deployment loop
- how to securely add password or secrets into a helm values.yaml file that will be commited in git?
- Druid runtime properties
- Setting up Jupyterhub in ArgoCD doesnt accept values.yaml
- In a Helm template, is it possible to override specific properties if there are same key with different values
Related Questions in KUBERNETES-INGRESS
- How can the ingress controller receive traffic from a certain port in loadbalancer to a specific path
- Cannot Access kubernetes application via ingress on Docker Desktop
- Error while minikube addons enable ingress on windows
- Nginx-Ingress connection to service timed out. 504 Gateway Timeout returned
- "Readiness probe failed: HTTP probe failed with statuscode: 503" at NGINX Insgress Controller pod in Kubernetes cluster
- Kubernetes Ingress Port to Port route
- Error configuration for nginx-ingress controller
- nginx-ingress is not able to route to pod application
- How to set AzureIngressProhibitedTarget without hostname?
- http app unreachable from tailscale and funnel and k8s
- How add a label from header in ingress-nginx for prom metrics
- helm chart testing connection failed
- 504 gateway timeout can lead to DB connection leak and how to fix
- Redirect from one alb to another one based on Authorization header content
- Next.js deployed locally with Kind - Error 502 Bad Gateway NGINX
Related Questions in SUBJECT-ALTERNATIVE-NAME
- Python function to Create CSRs with SAN
- Dynamic SAN or Bypassing SAN Check for a server certificate
- Unable to authenticate server certificate due to trailing spaces
- Self signed SSL certificate: Subject Alternative Name (SAN) gets lost when signing
- CA signed X509 cert contains X509v3 extension "Subject Alternative Name" twice
- HttpClient: Certificate for www.recaptcha.com doesn't match any of the subject alternative names
- OpenSSL x509 certificates and wildcard hostname checking
- How to copy Common name to subject alternative name using openssl.cnf or through openssl cmd
- Retrieve RegisteredID from subjectAltName
- Getting Subject Alternate Names with Pkcs10CertificationRequest
- Subject Alternative Names for Localhost
- Get x509 certificate by subject alternate name - c++
- NiFi bypass host name verification in SSL context service
- lighttpd configuration - does lighttpd authenticate with an address, e.g. subjectAltNames=IP:192.168.1.20?
- Add Subject Alternate Name to self signed certificate using wincrypt
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
You can write the python utility and deploy it as deployment in Kubernetes.
You can deploy ingress controller or if you have already deployed ingress controller you can simply write the ingress rule and apply it to Kubernetes cluster.
For generating & managing SSL/TLS certificate you can use the cert-manager.
You can check this link : https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes